Week 5 In Review – 2015

Resources

  • Army cyber defenders open source code in new GitHub project – army.mil
    Army cyber defenders released code to help detect and understand cyber attacks. The forensic analysis code called Dshell has been used, for nearly five years, as a framework to help the U.S. Army understand the events of compromises of Department of Defense networks.

Tools

  • Vane – github.com
    Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan. You can download this from here.
  • lisa.py – github.com
    An Exploit Dev Swiss Army Knife. Virsion:v-ichi. Download this from here.

Techniques

  • BadSamba – Exploiting Windows Startup Scripts Using A Malicious SMB Server – blog.gdssecurity.com
    The scenario for this post includes a startup script running from a remote server using an SMB share. After seeing a similar scenario wherein a script was being run from a remote SMB share, this got Sam Bertram thinking, Would it be possible to spoof the SMB server? From this idea the concept of BadSamba was born.
  • Patching, Emulating, and Debugging a Netgear Embedded Web Server – shadow-file.blogspot.com
    This should get you started emulating and debugging some more challenging binaries. With enough work you can get fairly complicated programs from an embedded device running in emulation.

Vendor/Software patches

  • Yet Another Emergency Flash Player Patch – krebsonsecurity.com
    For the second time in a week, Adobe has issued an emergency update to fix a critical security flaw that crooks are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X.

Vulnerabilities

  • GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems – threatpost.com
    A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines.

    • Some notes on GHOST -blog.erratasec.com
      Robert Graham haven’t seen anybody compile a list of key points about the GHOST bug, so he thought he’d write up some things. He get this from reading the code, but mostly from the advisory.
  • BlackPwn: BlackPhone SilentText Type Confusion Vulnerability -blog.azimuthsecurity.com
    While exploring recently purchased BlackPhone, Mark discovered that the messaging application contains a serious memory corruption vulnerability that can be triggered remotely by an attacker. This post discusses the technical details of this vulnerability.

Other News

  • FCC: Blocking Wi-Fi in hotels is prohibited – arstechnica.com
    On Tuesday, the Federal Communications Commission issued an “Enforcement Advisory” stating that blocking W-Fi in hotels is unequivocally “prohibited.” The FCC bluntly stated, referencing a dispute between Marriott and its customers who said the hotel chain had blocked their personal hotspots to force them to pay for Marriott’s Wi-Fi services.
  • Prosecutors Trace $13.4M in Bitcoins From the Silk Road to Ulbricht’s Laptop – wired.com
    A former federal agent has shown in a courtroom that he traced hundreds of thousands of bitcoins from the Silk Road anonymous marketplace for drugs directly to the personal computer of Ross Ulbricht, the 30-year-old accused of running that contraband bazaar.

One Comment

  1. Week 5 In Review – 2015 | infopunk.org February 2, 2015 at 3:00 pm

    […] post Week 5 In Review – 2015 appeared first on Infosec […]

Leave A Comment